tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 12:05:37 +00:00
Code Issues Projects Releases Wiki Activity
4,704 Commits 31 Branches 527 Tags
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Ingo Schommer 46064f8f88 SECURITY More solid relative/site URL checks (related to "BackURL" redirection) 
Return true for Director::is_absolute_url() checks if they're prefixed with two or more slashes (as browsers interpret this as a valid URL)

More solid URL checks in Director::is_site_url(), using a conservative parse_url() hostname comparison rather than Director::makeRelative(), which is not designed for security purposes
2012-10-16 10:17:07 +02:00
api
MINOR Setting Content-Type to text/plain in various error responses for RestfulServer (from r114750)
2011-02-02 14:20:05 +13:00
cache
MINOR: updated typo in comment for Cache.
2011-02-02 14:19:58 +13:00
cli
MINOR Cleaned up tabbing and code formatting in automated task classes
2011-02-02 14:18:42 +13:00
conf
MINOR Fixed spelling mistake in ConfigureFromEnv class documentation
2011-02-02 14:19:10 +13:00
core
SECURITY More solid relative/site URL checks (related to "BackURL" redirection)
2012-10-16 10:17:07 +02:00
css
MINOR: Fixed an empty utility container adding extra padding to the bottom of table fields.
2011-02-13 15:54:05 +11:00
dev
MINOR: On PHPUnit 3.6, show the output of tests.
2012-02-01 11:01:49 +13:00
docs
Update widget documentation (fixes #706)
2012-08-08 21:21:58 +12:00
email
BUGFIX: Applied/edited paradigmincarnate's patch to quote plaintext email with htmlEmail (#5120)
2011-02-02 14:19:41 +13:00
filesystem
ENHANCEMENT Added File.ShowInSearch flag to mirror the existing SiteTree.ShowInSearch flag - e.g. useful to limit visibility of user-uploaded files. Enforced in MySQLDatabase->searchEngine().
2011-09-15 16:13:02 +02:00
forms
BUGFIX DateField wrong datepicker-%s.js path (fixes #6296, thanks martijn)
2011-02-02 14:20:07 +13:00
images
MINOR merged from branches/2.3
2009-01-07 23:00:54 +00:00
integration
MINOR Corrected Geoip entries for ex-Yugoslavia ... better late than never
2012-03-30 09:51:21 +02:00
javascript
Removed profanity
2011-08-22 18:33:25 +10:00
lang
Fixed grammatical error for Form.FIELDISREQUIRED
2012-10-05 18:04:38 +02:00
parsers
MINOR: Fix links etc, and remove www. from SS urls
2011-02-02 14:19:46 +13:00
profiler
MINOR Fixed phpdoc documentation
2011-02-02 14:19:15 +13:00
search
BUGFIX Consistently using Convert::raw2sql() instead of DB::getConn()->addslashes() or PHP's deprecated addslashes() for database escaping
2011-09-15 14:43:34 +02:00
security
BUGFIX Avoid privilege escalation from EDIT_PERMISSIONS to ADMIN through TreeMultiselectField (in Member->getCMSFields()) by checking for admin groups in Member->onChangeGroups()
2011-03-09 15:54:05 +13:00
tasks
BUGFIX Fixed MigrateSiteTreeLinkingTask not working correctly when CLRF newlines being used
2011-03-22 16:44:39 +13:00
templates
MINOR: Only show the CTF utility bar if there are utilities available.
2011-02-13 15:54:05 +11:00
tests
SECURITY More solid relative/site URL checks (related to "BackURL" redirection)
2012-10-16 10:17:07 +02:00
thirdparty
Removed profanity
2011-08-22 18:33:25 +10:00
widgets
Revert "BUGFIX: sort order of widgets is now fixed."
2011-02-02 14:19:46 +13:00
_config.php
BUGFIX EMAIL_BOUNCEHANDLER_KEY cannot be defined
2011-02-02 14:19:43 +13:00
_register_database.php
MINOR: repair installer for sqlite
2011-02-02 14:19:48 +13:00
.htaccess
BUGFIX Disallow web access to sapphire/silverstripe_version to avoid information leakage (from r114773)
2011-02-02 14:20:05 +13:00
cli-script.php
BUGFIX Fixed spelling error of $databaseConfig in cli-script.php causing database configuration to not load (thanks aimcom!)
2011-02-02 14:19:35 +13:00
main.php
MINOR Documentation
2011-02-02 14:19:15 +13:00
main.php5
MINOR phpdoc documentation
2009-03-22 22:59:14 +00:00
Makefile
BUGFIX: Removed references to php5 binary in Makefile
2011-02-02 14:19:22 +13:00
sake
ENHANCEMENT Making "sake" script more portable by using "/usr/bin/env" shebang instead of "/bin/bash" (fixes #6045, thanks sychan)
2011-02-02 14:19:54 +13:00
silverstripe_version
API CHANGE silverstripe_version file now contains the plain version number, rather than an SVN path
2012-02-01 18:54:59 +01:00
static-main.php
BUGFIX Bypass static caching through static-main.php when GET or POST parameters are set (regression from 2.3 API, fixes #5519, thanks ktauber)
2011-02-02 14:19:19 +13:00
web.config
BUGFIX Disallow web access to sapphire/silverstripe_version to avoid information leakage (from r114773)
2011-02-02 14:20:05 +13:00
Description
No description provided
162 MiB
Languages
PHP 99.4%
Scheme 0.5%